Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Serenity/JS should make it easier to configure CA certifactes for Axios client used with the CallAnApi ability #2137

Open
2 of 3 tasks
jan-molak opened this issue Dec 19, 2023 · 0 comments
Open
2 of 3 tasks

Serenity/JS should make it easier to configure CA certifactes for Axios client used with the CallAnApi ability #2137

jan-molak opened this issue Dec 19, 2023 · 0 comments
Labels
enhancement A good idea that should be implemented help wanted @serenity-js/rest

Comments

@jan-molak
Copy link
Member

jan-molak commented Dec 19, 2023
edited

What's the problem you're trying to solve?

The location of local CA certificates is not standardised across the various operating systems, which means that in order for a developer to use a custom certificate, they need to explicitly configure the Node.js https.Agent:

const options = {
  hostname: 'encrypted.google.com',
  port: 443,
  path: '/',
  method: 'GET',
  key: fs.readFileSync('/etc/ssl/certs/key.pem'),       // <- explicit configuration
  cert: fs.readFileSync('/etc/ssl/certs/cacerts.pem'),  // <-
};

const req = https.request(options, (res) => {
  // ...
});

Configuring Node.js can be quite challenging for developers, so being able to specify certificates as part of the regular Serenity/JS configuration could contribute to a better developer experience.

How would you like to solve it?

We could make CallAnApi accept a configuration object with additional rejectUnauthorized, cert, and key properties, and then configure the https.Agent based on those properties:

CallAnApi.using({
  baseURL: URL | string
  proxy: URL | string | AxiosRequestConfigProxyDefaults
  rejectUnauthorized: boolean
  cert: Path | string
  key: Path | string
})

For example:

CallAnApi.using({
  baseURL: 'https://stage.mycompany.com',
  proxy: 'https://proxy.mycompany.com',
  rejectUnauthorized: false,
  cert: '/etc/ssl/certs/cacerts.pem',
  key: '/etc/ssl/certs/key.pem',
})

Another advantage of extending the configuration to allow for cert, key, and rejectUnauthorized is that it would support implementing #594

Are there any alternatives?

Developers can specify a custom ability to CallAnApi using an https.Agent configured to accept their certificates:

CallAnApi.using({
  httpsAgent: new https.Agent({ 
    rejectUnauthorized: false,
    key: fs.readFileSync('/etc/ssl/certs/key.pem'),       
    cert: fs.readFileSync('/etc/ssl/certs/cacerts.pem'),  
  })
})

How can we make it happen?
@jan-molak jan-molak added enhancement A good idea that should be implemented @serenity-js/rest help wanted labels Dec 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement A good idea that should be implemented help wanted @serenity-js/rest
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jan-molak